Key generation and broadcasting

ABSTRACT

Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of the co-pending U.S. patent application titled, “KEY GENERATION AND BROADCASTING,” filed on Aug. 16, 2013 and having Ser. No. 13/969,365. The subject matter of this related application is hereby incorporated herein by reference.

BACKGROUND

1. Technical Field

The present disclosure relates generally to computer security. More specifically, techniques are disclosed for key management in a distributed environment.

2. Description of Related Art

Computer security in a cloud environment is a well-known issue in a broad variety of contexts. For example, companies engaging in online commerce are generally subject to data security standards in regard to handling sensitive data of clients of the service. For instance, under the Payment Card Industry (PCI) data standard, a company that accepts credit cards as payment is required to comply with a number of regulations related to handling data, such as credit card information and customer information. Generally, to comply with such regulations, a company uses encryption techniques to protect sensitive data moving across the compliance chain handling payment transactions to and from the cloud.

Typically, to provide security for sensitive data, a company segments the sensitive data and applications accessing the sensitive data into a high security environment. In general computer security terms, this approach is referred to as compartmentalization. While the rest of the computing infrastructure of the company may have security controls adequate for business purposes, the high security environment generally has a higher level of security that include firewalling, detailed audit logs, periodic third-party security assessments for standards compliance (e.g., with PCI, HIPAA, etc.). These computing systems within the high security environment are considered “in-scope” and require compliance with the standards. However, maintaining the high security environment takes time, effort, and expense. That is, the more components included within the high security environment, the more costly and less agile the infrastructure becomes. This is particularly a concern in the cloud environment, where the state of the entire network frequently changes (e.g., with new storage and network elements being introduced, older elements being removed, etc.). This makes it difficult to both enforce security and maintain the agility afforded by cloud services.

SUMMARY

One embodiment presented herein includes a method for managing encrypted key pairs. The method generally includes generating a set of encrypted key pairs and designating, from the set of encrypted key pairs, a first encrypted key pair as a currently active key pair. The method also generally includes designating a time-based window having a size and indicating a number of key pairs that are valid for transactions. The method also generally includes publishing the public key corresponding to the currently active key pair to a key distributor and publishing the set of encrypted key pairs to a key escrow.

Another embodiment includes a method for managing encrypted data. The method generally includes receiving an encrypted message having metadata corresponding to a public key. The method also generally includes identifying a first key pair corresponding to the public key in a set of key pairs. A second key pair in the set is a currently active key pair. The set of key pairs includes a window having a size and indicating a number of key pairs that are valid for transactions. One of the number of key pairs is the currently active key. Upon determining that the identified first key pair is within the window, a decryption key from the key pair is accessed and the message is decrypted.

Other embodiments include, without limitation, a computer-readable medium that includes instructions that enable a processing unit to implement one or more aspects of the disclosed methods as well as a system configured to implement one or more aspects of the disclosed methods.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the manner in which the above recited features of the disclosure can be understood in detail, a more particular description, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only typical embodiments of the present disclosure and are therefore not to be considered limiting of its scope, for the disclosure may admit to other equally effective embodiments.

FIG. 1 illustrates an example computing environment, according to one embodiment.

FIG. 2 illustrates a list of encrypted key pairs, according to one embodiment.

FIG. 3 illustrates a method for managing encrypted key pairs in an example computing environment, according to one embodiment.

FIG. 4 illustrates a method for decrypting messages with keys using a sliding window in an example computing environment, according to one embodiment.

FIG. 5 illustrates a use case for managing encrypted key pairs in a computing environment having multiple key consumer subsystems, according to one embodiment.

FIG. 6 illustrates a computing system configured to manage encrypted key pairs in an example computing environment, according to one embodiment.

FIG. 7 illustrates a computing system configured to maintain an active window of keys, according to one embodiment.

DETAILED DESCRIPTION

Companies apply various approaches to provide security for sensitive data and comply with regulatory standards and minimizing costs. For example, with a static public key approach, each client that needs to send sensitive data downloads a public key from the receiving entity once. Any communication between the client and the receiving entity is encrypted with the public key. However, although this approach does not require many resources within the high security environment, the computing infrastructure is susceptible to data theft if the key is compromised (e.g., if an attacker intercepts and stores historically transacted data). To address this concern, an administrator can issue new keys and revoke the validity of older keys, but doing so may require system downtime while the administrator broadcasts the new keys to systems in the compliance chain. Taking down a system component to update key data may be impractical for companies whose services need to be running at all times. Further, other approaches such as tokenization and using per-transaction symmetric keys often depend on a single point of failure. If a component goes offline, the high security environment may be unable to operate. At that point, an administrator can only either shut the entire system down or continue to operate in an unsecure manner. Both options are also undesirable for companies that need to maintain constantly running services.

Embodiments presented herein provide techniques for managing encrypted public keys in a distributed environment. More specifically, embodiments presented herein provide an automated multiple-key-pair sliding window architecture. In one embodiment, a key publisher in a high security environment generates a list of encrypted key pairs and designates one pair as an active key pair. The key publisher publishes the list to a key escrow service and sends the public key corresponding to the active key pair to a public key distributor. The distributor may be a module that resides outside of the high security environment. The public key distributor provides the active public key to client systems. At a specified interval, the key publisher generates additional keys to append to the encrypted key pair list, designates a new active key pair, and republishes appropriate information to the public key distributor and key escrow. The key publisher may also remove older key pairs from the list.

In one embodiment, a key consumer (i.e., an application residing in the high security environment that processes sensitive client-side data) downloads the encrypted key pair list from the key escrow service. The key consumer maintains an active window within the list of key pairs that the key consumer can accept from client systems communicating sensitive data to the computing infrastructure. That is, the key consumer identifies which public keys can be used to provide encrypted data to the key consumer. The key consumer maintains a copy of the private keys corresponding to the ones in the active window. The active window identifies the currently active key pair as well as a specified maximum number of previous encrypted key pairs. When the key consumer receives a secure message from a client device, the key consumer accesses metadata associated with the message and identifies the version of the pair from the list used to decrypt the message. If the identified key pair does not correspond to one within the active window but is sequentially later in the list (i.e., corresponds to a future key), the key consumer decrypts the message as well as advances the window so that the active key of the window corresponds to the future key. Otherwise, if the corresponding key is not within the active window, no decryption occurs. That is, the window may have advanced past a time where the key was valid. In such a case, the key consumer may abort the operation.

In the following description, numerous specific details are set forth to provide a more thorough understanding of the embodiments. However, it will be apparent to one of skill in the art embodiments of the present disclosure may be practiced without one or more of these specific details. In other instances, well-known features have not been described in order to avoid obscuring the embodiments.

FIG. 1 illustrates an example computing environment 100, according to one embodiment. As shown, FIG. 1 includes a computing infrastructure 105 connected to a network 145. Computing infrastructure 105 may belong to any entity that processes sensitive data to or from one or more client computers 140. For example, computing infrastructure 105 may correspond to an enterprise that processes credit cards as payment from customers and, as a result, has system components in place to comply with PCI standards. Note that in the following, a key sliding window approach that allows a company to comply within PCI standards is used as a reference example to provide an understanding of the embodiments described herein. However, it will be apparent to one of skill in the art that these embodiments are applicable for other compliance standards and security requirements related to key generation and broadcasting. For example, computing infrastructure 105 may correspond to a hospital that allows client computers 140 to access patient records (e.g., through a browser application 142) while maintaining compliance with HIPAA (Health Insurance Portability and Accountability Act) standards.

Computing infrastructure 105 includes a high security environment 110 and a key escrow service 125. Generally, components residing in high security environment 110 are considered “in-scope” with regards to compliance because the components process sensitive data. For example, the components should comply with PCI standards. Computing infrastructure may also include one or more untrusted components 130 that transmits or has access to encrypted data communicated within computing infrastructure 105, despite not being a part of high security environment 110. Typically, by only being able to access encrypted data (and unable to decrypt such data), such systems are “out of scope” for purposes of the PCI standards. That is, a system can receive and pass encrypted information without becoming “in-scope.” In one embodiment, computing infrastructure 105 is a cloud computing network. For instance, a company may want to deploy high security on a cloud infrastructure, regardless of whether the company actually hosts the cloud components. However, in such an environment, virtual machines may be launched to execute (within the cloud network) systems, storage, etc. This presents a challenge in maintaining compliance while keeping data hosted by the cloud secure (e.g., keeping a key in sync with different key consumer services that migrate across multiple hosts).

To address such challenges, embodiments presented herein provide key generation and broadcasting techniques using a sliding window approach. In one embodiment, a high security environment 110 includes system components that handle sensitive data. Illustratively, high security environment 110 includes a key publisher 115 and key consumers 120. Key publisher 115 generates and maintains a list of encrypted key pairs 117 ₁. After generating the encrypted key pairs, key publisher 115 sends the list to key escrow service 125 (shown as key pairs 117 ₃). In addition, key publisher 115 designates one of the key pairs 117 ₁ as an active key pair and publishes the public key corresponding to the active public key (active public key 137) to a public key distributor 135. Further, key publisher 115 purges older keys from the list of key pairs 117. Further, key publisher may run on a hardware security module (HSM) that generates and encrypts the key pairs 117 ₁.

Key escrow service 125 is a highly available persistent store accessible to key publisher 115 and key consumer 120. Key escrow service 125 provides storage for the encrypted key pair list 117 and notifies key consumers 120 of new versions of the list. Although FIG. 1 depicts key escrow service 125 as residing outside high security environment 110, in another embodiment, key escrow service 125 may reside within high security environment 110.

Key consumer 120 is a system component hosting an application that accesses and processes client-side encrypted sensitive data. For example, key consumer 120 may host a billing application for an online merchant. Key consumer 120 downloads the list of encrypted key pairs 117 ₃ from key escrow service 125 (shown here as key pairs 117 ₂) during startup and upon receiving notification from key escrow service 125 of a changed list being available. Upon receiving a client-side encrypted message, key consumer 120 identifies metadata in the message, retrieves the appropriate version of the encrypted key pair within the list of key pairs 117 ₂, and decrypts the key pair to access the decryption key. Thereafter, key consumer 120 uses the decryption key to access the sensitive information within the encrypted message. Generally, only the corresponding key consumer 120 can access cryptographic keys used to decrypt the keys from the list. That is, key publisher 115 encrypts the key or key pairs in the list of key pairs 117 ₁ using different encryption keys. Note that the keys used to access the key pairs are not part of the sliding window. Key consumer 120 can accept a maximum number of previous keys preceding the active public key 137. Doing so allows key consumer 120 to handle slower clients that may have downloaded the key within a reasonable amount of time past but sends encrypted messages shortly after the key publisher has designated a new active key. Further, accepting a smaller number of previous keys limits the scope of compromise in the event an attacker is able to obtain one of the keys. That is, the size of the window is proportional to the data compromise period. For example, if the size of the window allows for ten key pairs, and the key publisher generates one key pair per day, then, in the event of a compromise, an attacker might be able to obtain at most ten days worth of data.

Computing environment 100 includes a public key distributor 135. Public key distributor 135 is a highly available component responsible for distributing active public key 137 to client computers 140 that communicate with key consumers 120 (e.g., in sending or receiving sensitive data, such as credit card information). More specifically, at specified time intervals, key publisher 115 sends the public component of one of the active public key 137 to public key distributor 135. In turn, public key distributor 135 broadcasts the public component of the active key pair to client computers 140. A browser application 142 running in a client computer 140 may receive the active encryption key from public key distributor 135 and use the key to communicate with computing infrastructure 105. For example, client computer 140 may encrypt credit card information, store the encrypted information along with metadata in a message regarding the key used to encrypt the information. The message is then transmitted to key components 120 (e.g., via untrusted components 130 over network 145). In addition, public key distributor 135 may employ a variety of several security controls such as detailed audit logs, file monitoring, configuration monitoring, third-party security assessments, and restricted and authorized access.

Computing environment 100 may also include untrusted components 130. For example, FIG. 1 depicts one untrusted component 130 outside the computing infrastructure 105 and one inside the computing infrastructure 105. A browser application 142 of a client computer 140 might send sensitive data to computing infrastructure 105 via untrusted components 130.

FIG. 2 illustrates an example list 200 of encrypted key pairs, according to one embodiment. At a configurable interval, the key publisher generates encrypted key pairs 205 stored in list 200. During the interval period, the key publisher also assigns a new active key pair and deprecates older key pairs. A shorter specified time interval reduces the amount of data likely to be compromised in the event that an attacker is able to compromise a key pair. In one embodiment, the key publisher is backed by an HSM that generates encrypted key pairs 205. As shown, list 200 includes multiple encrypted key pairs 205 ₁₋₆.

Key consumers and other “in-scope” systems (i.e., the systems that handle sensitive data and are subject to PCI compliance standards) may access the decrypted contents of list 200. For instance, the key publisher may distribute list 200 to a key escrow within the computing infrastructure. In turn, key consumers download the list from the key escrow. As stated, key consumers are generally instantiated as part of applications that decrypt sensitive data sent by client devices. Key consumers use list 200 to decrypt the sensitive data. That is, upon receiving a client-side encrypted message, the key consumer accesses the metadata in the message envelope. Using the metadata, the key consumer accesses the corresponding encrypted key pair from list 200, decrypts the key pair to access the decryption key, and subsequently decrypts the message. As stated, the key publisher may use different keys to encrypt the key pairs. Note that the keys used to decrypt the key pairs are not part of the key window but are merely used to access the encrypted key pairs. In one embodiment, keys used to decrypt the key pair are accessible only to the appropriate key consumer within the high security environment. Further, different key consumers may have different keys for accessing the key pairs in the published list 200.

In one embodiment, the key consumer may apply a windowing key rotation to ensure that the most recent keys can be used to decrypt sensitive data and that older keys cannot be used. The right-hand portion of FIG. 2 illustrates an example windowing approach as applied to list 200 by a key consumer.

The window limits what keys a key consumer will accept as valid. For example, the key consumer may accept a maximum of number of previous keys preceding the active key pair. For example, assume that encrypted key pair 3 (205 ₃) corresponds to the current active key pair, and that the key consumer accepts up to only one key preceding the active key pair. As shown, this corresponds to active window 215, which includes encrypted key pairs 205 ₂₋₃.

Encrypted key pairs 205 ₄₋₆ are future keys 220 because the key pairs are not within active window 215 but have not yet been designated as an active key (by the key publisher). Encrypted key pair 205 ₁ is a past key that falls outside active window 215, precedes the current active key pair, and thus is a deprecated key pair 210. If the key consumer receives a secure message envelope that is encrypted using a future key 220, the key consumer designates the future key 220 as the current active key and advances the window, as appropriate. Using the given windowing example in FIG. 2, if the key consumer receives a secure message with a corresponding encrypted key pair 205 ₅, the key consumer decrypts the message and also marks encrypted key pair 205 ₅ as the active key. In addition, the key consumer moves active window 215 so that the key pairs in the window are encrypted key pairs 205 ₄₋₅.

On the other hand, in one embodiment, if the key consumer receives a secure message envelope from a client that uses a deprecated key pair outside active window 215 but still in list 200, the key consumer may choose to not decrypt the message and may flag a failure to the client that sent the message. However, if the deprecated key pair is no longer in list 200, the key consumer is unable to decrypt the message. Using the given windowing example in FIG. 2, if the client sends to the key consumer an encrypted message using a key corresponding to encrypted key pair 205 ₁, the key consumer uses list 200 to identify encrypted key pair 205 ₁ as an older key outside of active window 215. Because encrypted key pair 205 ₁ corresponds to a deprecated key 210, the key consumer may choose not to decrypt the message. In one embodiment, an administrator may set alerts to capture attempts at sending messages using key versions outside active window 215 (e.g., deprecated keys 210, key versions in future keys 220, keys not within list 200, etc.).

Active window 215 enables the rotation of older keys and prevents error spiking on the client-side. This allows older keys and the newer keys to exist in rotation, eliminating the need for system downtime to rotate the keys. In addition, accepting an amount of keys preceding the active key pair allows handling slower clients that may have downloaded a public key from the public key distributor in the past but only sent the message shortly after a new active key had been assigned.

FIG. 3 illustrates a method 300 for managing encrypted key pairs in a distributed environment, according to one embodiment. The key publisher in the high security environment performs these steps at a specified interval. Assume for this discussion that the key publisher has an encrypted key pair list and a designated active key pair.

Method 300 begins at step 305, where the key publisher generates new encryption keys. The key publisher appends the new keys to the encrypted key pair list. At step 310, the key publisher designates a new active key pair to be the encrypted key pair succeeding the current active key pair in the list. For instance, referring to the example list 200 of FIG. 2, if the current key pair is encrypted key pair 205 ₃, the key publisher designates encrypted key pair 205 ₄ as the new active key pair.

At step 315, the key publisher publishes the public key corresponding to the designated active key pair to the public key distributor. The public key distributor issues the public key to clients that communicate sensitive data to and from the key consumers of the high security environment. At step 320, the key publisher issues the list of encrypted key pairs to the key escrow. In turn, the key escrow distributes the list to key consumers in the high security environment of the computing infrastructure. Subsequently, clients having the active key can send secure messages encrypted with the key to the key consumers that can decrypt the messages by referencing the list of encrypted key pairs generated by the key publisher.

At step 325, the key publisher deprecates and purges the old keys from the system. Completely removing older keys from the system helps provide forward secrecy. That is, even if potential attackers somehow acquire the current keys to access sensitive data, the compromise is limited to the current key and not the information exchanged using the older keys.

FIG. 4 illustrates a method 400 for decrypting messages with keys using a sliding active window in the example computing environment, according to one embodiment. Assume that a key consumer in the high security environment has already downloaded a list of encrypted key pairs from the key escrow. As shown, method 400 begins at step 405, where the key consumer receives an encrypted message containing metadata about the key. For example, the encrypted message may contain credit card information to be processed by a key consumer billing application. Further, the encrypted message may include metadata about the key, such as the version of the key. At step 407, the key consumer identifies the corresponding key version based on the provided metadata. At step 410, the key consumer determines whether the key is within the active window. As stated, the active window of the key consumer includes the keys from the current key and a specified number of previous keys. If the key is within the active window, then the key consumer decrypts the message (at step 415).

However, if the key is outside the active window, the key consumer determines whether the key is either a past key or a future key. Receiving a future key may be a result of the asynchronous nature of the key publisher broadcasting active key data to multiple key consumers. For example, a key consumer may fall out of sync with the other key consumers and lag behind by a few seconds. At any rate, the key consumer searches the list of key pairs received by the key escrow. If the key consumer identifies the given key as a future key, then the key consumer decrypts the message (at step 425) and advances the active window (at step 430). However, if the key consumers the given key as a past key outside the active window, then the key consumer flags a failure. In one embodiment, the key consumer may be configured to generate an alert upon receiving deprecated keys or invalid messages that do not decrypt.

FIG. 5 illustrates an example specific-use case 500 for managing encrypted key pairs in a distributed computing infrastructure that includes three subsystems, according to one embodiment. Key windowing allows secure communication between multiple subsystems under loose synchronization because of latency, brief subsystem outages, or other reasons. In the example specific-use case 500, three different key consumer systems A 505, B 510, and C 515 maintain a loosely synchronized view of the current key window. For example, the three subsystems may correspond to systems located in different geographic locations (e.g., the systems may correspond to credit card database applications in different countries).

As shown by each system having a different current key 530 ₁₋₃, the subsystems may fall out of sync with each other for whatever reason, such as if a link between the systems goes offline or if one of the systems loses power and subsequently reboots after a time period. However, as long as the current key of a particular subsystem remains in the windows of the other subsystems, the particular subsystem may communicate securely with the other subsystems.

In the given example, systems A 505, B 510, and C 515 might be using different keys to decrypt and access data in a secure message. Regardless, the embodiments help ascertain that the systems function reliably. For example, system C 515 has the most up-to-date information of the three subsystems, having a current active key 530 ₃ corresponding to key 5, whereas system A 505 has a current active key 530 ₁ of 3 and system B 510 has a current active key 530 ₂ of 4. Eventually, system A 505 or B 510 may receive a secure message from a client device with key information corresponding to encrypted key pair 5. Despite encrypted key pair 5 not being the current active key pair from the perspectives of system A or B, both systems can rely on the key pair list to both be able to decrypt the message and recover to the more recent active key pair.

FIG. 6 illustrates a computing system 600 configured to generate and manage key pairs within the example computing environment, according to one embodiment. As shown, the computing system 600 includes, without limitation, a central processing unit (CPU) 605, a network interface 615, a memory 620, a storage 625, each connected to a bus 617. Computing system 600 may also include an I/O device interface 610 connecting I/O devices 612 (e.g., keyboard, display, and mouse devices) to the computing system 600. Further, in context of this disclosure, the computing elements shown in computing system 600 may correspond to a physical computing system (e.g., a system in a data center) or may be a virtual computing instance executing within a computing cloud.

CPU 605 retrieves and executes programming instructions stored in memory 520 as well as stores and retrieves application data residing in memory 620. Interconnect 617 is used to transmit programming instructions and application data between CPU 605, I/O devices interface 610, storage 625, network interface 615, and memory 620. Note, CPU 605 is included to be representative of a single CPU, multiple CPUs, a single CPU having multiple processing cores, and the like. And memory 620 is generally included to be representative of a random access memory. Storage 625 may be a disk drive storage device. Although shown as a single unit, storage 625 may be a combination of fixed and/or removable storage devices, such as fixed disc drives, removable memory cards, or optical storage, network attached storage (NAS), or a storage-area network (SAN).

Illustratively, memory 620 includes a key generation component 622 and an application 624. And storage 625 includes an encrypted key pair list 626. Key generation component 622 is responsible for generating new keys to be stored in encrypted key pair list 626. Further, application 624 publishes encrypted key pair list 626 to other components in the computing infrastructure, such as the key escrow and the public key distributor. Additionally, application 624 deprecates and purges expired keys from encrypted key pair list 626.

FIG. 7 illustrates a computing system 700 configured to decrypt secure data using distributed encrypted key pair information within the example computing environment, according to one embodiment. As shown, the computing system 700 includes, without limitation, a central processing unit (CPU) 705, a network interface 715, a memory 720, a storage 725, each connected to a bus 717. Computing system 700 may also include an I/O device interface 710 connecting I/O devices 712 (e.g., keyboard, display, and mouse devices) to the computing system 700. Further, in context of this disclosure, the computing elements shown in computing system 700 may correspond to a physical computing system (e.g., a system in a data center) or may be a virtual computing instance executing within a computing cloud.

CPU 705 retrieves and executes programming instructions stored in memory 720 as well as stores and retrieves application data residing in memory 720. Interconnect 717 is used to transmit programming instructions and application data between CPU 705, I/O devices interface 710, storage 725, network interface 715, and memory 720. Note, CPU 705 is included to be representative of a single CPU, multiple CPUs, a single CPU having multiple processing cores, and the like. And memory 720 is generally included to be representative of a random access memory. Storage 725 may be a disk drive storage device. Although shown as a single unit, storage 725 may be a combination of fixed and/or removable storage devices, such as fixed disc drives, removable memory cards, or optical storage, network attached storage (NAS), or a storage-area network (SAN).

Illustratively, memory 720 includes a decryption component 722 and an application 724. And storage 725 includes an encrypted key pair list 726. Application 724 manages the key pair windowing of encrypted key pair list 726. Upon receiving a secure message from a client device (e.g., through a browser application on the device), application 724 identifies the encrypted key pair corresponding to the decryption key described in the metadata envelope of the secure message. Decryption component 722 is responsible for decrypting the secure message sent by the client.

While the foregoing is directed to embodiments of the present disclosure, other and further embodiments of the disclosure may be devised without departing from the basic scope thereof. For example, aspects of the present disclosure may be implemented in hardware, software, or a combination of hardware and software. One embodiment of the disclosure may be implemented as a program product for use with a computer system. The program(s) of the program product define functions of the embodiments (including the methods described herein) and can be contained on a variety of computer-readable storage media. Illustrative non-transitory computer-readable storage media include, but are not limited to: (i) non-writable storage media (e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, flash memory, ROM chips or any type of solid-state non-volatile semiconductor memory) on which information is permanently stored; and (ii) writable storage media (e.g., a hard-disk drive or any type of solid-state random-access semiconductor memory) on which alterable information is stored. Such computer-readable storage media, when carrying computer-readable instructions that direct the functions of the present disclosure, are embodiments of the present disclosure.

Although certain embodiments may achieve advantages over other possible solutions and/or over the prior art, whether a particular advantage is achieved by a given embodiment is not limiting. Thus, the following aspects, features, embodiments and advantages are merely illustrative and are not considered elements or limitations of the appended claims except where explicitly recited in a claim(s).

Aspects of the present disclosure may be embodied as a system, method or computer program product. Accordingly, embodiments presented herein may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, embodiments may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples a computer readable storage medium include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the current context, a computer readable storage medium may be any tangible or otherwise non-transitory medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus or device.

The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments presented herein. In this regard, each block in the flowchart or block diagrams may represent a module, segment or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. Each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations can be implemented by special-purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Embodiments disclosed herein may be provided to end users through a cloud computing infrastructure. Cloud computing generally refers to the provision of scalable computing resources as a service over a network. More formally, cloud computing may be defined as a computing capability that provides an abstraction between the computing resource and its underlying technical architecture (e.g., servers, storage, networks), enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Thus, cloud computing allows a user to access virtual computing resources (e.g., storage, data, applications, and even complete virtualized computing systems) in “the cloud,” without regard for the underlying physical systems (or locations of those systems) used to provide the computing resources. A user can access any of the resources that reside in the cloud at any time, and from anywhere across the Internet.

Advantageously, the embodiments enable enterprises operating in a cloud computing environment to significantly reduce the scope of the high security infrastructure while still being able to retain the agility and flexibility afforded by the cloud environment. By automating the key rotation process, the need for manual intervention (e.g., by requiring system downtimes to rotate encryption keys) is reduced significantly (or otherwise non-existent). Further, the system disclosed by the embodiments is resilient and highly available, so even if one of the components goes offline for whatever reason, the system can remain operational because the other running components in the infrastructure have the data (e.g., key pair lists, information about the active key pairs, etc.) to manage and process key pairs. An administrator can adjust the resiliency of the system by increasing the size of the encrypted key pair list. The sliding window approach also helps to minimize data compromise and provide forward secrecy. That is, because the key publisher deprecates and purges old keys from the system, an attacker that acquires the old public keys is unable to use the keys in decrypting secure messages. Additionally, the amount of data loss in event of a compromise is proportional to the interval at which the key publisher updates the list, so a smaller interval may result in the system being subject to less data compromise. And adjusting the size of the active window allows the computing infrastructure to scale up or down and tighten or loosen synchronization between systems based on the desired requirements.

In view of the foregoing, the scope of the present disclosure is determined by the claims that follow. 

What is claimed is:
 1. A method, comprising: receiving an encrypted message having associated metadata; identifying a first key pair included in a list of key pairs based on the metadata; determining whether the first key pair is included in an active window associated with the list of key pairs; and if the first key pair is included in the active window, then decrypting the encrypted message based on a decryption key associated with the first key pair; or if the first key pair is not included in the active window but is subsequent to a currently active key pair in the list of key pairs, then decrypting the encrypted message based on a decryption key associated with the first key pair and advancing the active window to include the first key pair; or if the first key pair is not included in the active window and is prior to a currently active key pair in the list of key pairs, then indicating a failure.
 2. The method of claim 1, further comprising publishing a public key corresponding to the first key pair to a key distributor.
 3. The method of claim 2, wherein the key distributor issues the public key to one or more client computers.
 4. The method of claim 3, wherein the encrypted message is received from a first client computer that is configured to encrypt a message with the public key to generate the encrypted message.
 5. The method of claim 1, further comprising downloading the list of key pairs from a key escrow.
 6. The method of claim 1, further comprising defining the active window to have a size and indicating a certain number of key pairs that are valid for transactions.
 7. The method of claim 1, further comprising generating the list of key pairs, and publishing the list of key pairs to a key escrow.
 8. A computing infrastructure, comprising: one more computer systems that include one or memories storing a key publisher and a key consumer, wherein the key publisher is configured to: generate a list of encrypted key pairs, designate a key pair included in the list of encrypted key pairs as a currently active key pair, publishing a public key corresponding to the currently active key pair to a key distributor, and publishing the list of encrypted key pairs to a key escrow; and wherein the key consumer is configured to: receive the list of encrypted key pairs from the key escrow, receive an encrypted message from a client computer having associated metadata, identify a first key pair included in the list of key pairs based on the metadata; determine whether the first key pair is included in an active window that is associated with the list of key pairs and includes the currently active key pair; and decrypt the encrypted message based on a decryption key associated with the first key pair and advance the active window to include the first key pair when the first key pair is not included in the active window but is subsequent to the currently active key pair in the list of key pairs.
 9. The computer infrastructure of claim 8, wherein the key consumer is further configured to decrypt the encrypted message based on the decryption key associated with the first key pair when the first key pair is included in the active window.
 10. The computer infrastructure of claim 9, wherein the key consumer is further configured to indicate a failure when the first key pair is not included in the active window and is prior to the currently active key pair in the list of key pairs.
 11. The computer infrastructure of claim 8, wherein the key distributor issues the public key to one or more client computers.
 12. The computer infrastructure of claim 11, wherein the client computer that is configured to encrypt a message with the public key to generate the encrypted message.
 13. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to decrypt encrypted messages by performing the steps of: receiving a list of encrypted key pairs from a key escrow; receiving an encrypted message having associated metadata; identifying a first key pair included in the list of key pairs based on the metadata; determining whether the first key pair is included in an active window associated with the list of key pairs; and decrypting the encrypted message based on a decryption key associated with the first key pair when the first key pair is included in the active window.
 14. The non-transitory computer-readable medium of claim 13, further comprising decrypting the encrypted message based on the decryption key associated with the first key pair and advancing the active window to include the first key pair when the first key pair is not included in the active window but is subsequent to a currently active key pair in the list of key pairs.
 15. The non-transitory computer-readable medium of claim 13, further comprising indicating a failure when the first key pair is not included in the active window and is prior to a currently active key pair in the list of key pairs.
 16. The non-transitory computer-readable medium of claim 13, comprising publishing a public key corresponding to the first key pair to a key distributor.
 17. The non-transitory computer-readable medium of claim 16, wherein the key distributor issues the public key to one or more client computers.
 18. The non-transitory computer-readable medium of claim 17, wherein the encrypted message is received from a first client computer that is configured to encrypt a message with the public key to generate the encrypted message.
 19. The non-transitory computer-readable medium of claim 13, further comprising downloading the list of key pairs from a key escrow.
 20. The non-transitory computer-readable medium of claim 13, further comprising defining the active window to have a size and indicating a certain number of key pairs that are valid for transactions.
 21. The non-transitory computer-readable medium of claim 14, further comprising generating the list of key pairs, and publishing the list of key pairs to a key escrow. 